chore(deps): update terraform cloudposse/iam-role/aws to v0.22.0 (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
cloudposse/iam-role/aws (source)	module	minor	0.19.0 -> 0.22.0

---

Release Notes

cloudposse/terraform-aws-iam-role (cloudposse/iam-role/aws)

v0.22.0

Compare Source

feat: Allow overriding the whole assume policy @​pablotp (#​86)

what

Adds the assume_role_policy_document variable, allowing users to provide a complete JSON assume role policy for the IAM role. When set, this overrides the principals, assume_role_conditions, and assume_role_actions variables.

why

This enables advanced use cases where a custom trust policy is needed, offering more flexibility than the module’s built-in policy generation. If not set, the module’s default behavior remains unchanged.

Example of an assume policy that couldn't be generated before

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::111122223333:role/app-prod-ci-agent",
          "AROAEXAMPLEID1",
          "arn:aws:iam::444455556666:role/ci-agent",
          "arn:aws:iam::111122223333:role/app-prod-use1-mz-4-ci-agent"
        ]
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::444455556666:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDC"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDC:sub": "system:serviceaccount:ci:ci-agent"
        }
      }
    }
  ]
}

With the previous implementation, you could not generate the second statement with a different action (sts:AssumeRoleWithWebIdentity) and a different condition for the Federated principal.

references

• Alternative to https://github.com/cloudposse/terraform-aws-iam-role/pull/85
• When this feature is released, the Atmos component will be updated: https://github.com/cloudposse-terraform-components/aws-iam-role/pull/29

Cleanup Go mod for tests @​Benbentwo (#​87)

This pull request updates the `go.mod` file in the `test/src` directory to modernize the Go toolchain and dependencies. The most important changes include upgrading the Go version, introducing a new toolchain, and updating or adding several dependencies to newer versions.

Go toolchain updates:

• Upgraded Go version from 1.16 to 1.23.0 and added the toolchain go1.24.3 specification for better compatibility and performance.

Dependency updates:

• Updated existing dependencies to newer versions, including github.com/klauspost/compress (to v1.16.7) and github.com/stretchr/testify (to v1.10.0).
• Added new dependencies, such as github.com/hashicorp/go-cleanhttp (v0.5.2), github.com/hashicorp/go-safetemp (v1.0.0), and github.com/zclconf/go-cty (v1.15.0), to enhance functionality and support for modern features.
• Removed outdated dependencies, such as cloud.google.com/go/compute and github.com/aws/aws-sdk-go, which are no longer required.

🤖 Automatic Updates

Replace Makefile with atmos.yaml @​osterman (#​84)

what

• Remove Makefile
• Add atmos.yaml

why

• Replace build-harness with atmos for readme genration

References

• DEV-3229 Migrate from build-harness to atmos

v0.21.0

Compare Source

Bugfix/remove tags enabled @​IrinaZarzu (#​82)

what

• Removed the tags_enabled variable and set the tags as {}.

why

• Since tags from contex.tf is used to set the tags as {}, the variable tags_enabled is no longer needed.

references

• Closes #​81

v0.20.0

Compare Source

feat: support inline policies @​nitrocode (#​79)

what

• support inline policies

why

• Most of the time users want to create a specific policy for a specific role and don't realize that the same policy can be accidentally reused for another purpose which makes it difficult to delete the role and policy
• Inline policies do not need to be tagged
• If a managed policy is updated and is attached to multiple roles, now it will impact multiple roles

references

• closes #​78

🤖 Automatic Updates

Migrate new test account @​osterman (#​77)

what

• Update .github/settings.yml
• Update .github/chatops.yml files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @​osterman (#​76)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @​osterman (#​75)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @​osterman (#​74)

what

• Update .github/settings.yml
• Drop .github/auto-release.yml files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @​osterman (#​72)

what

• Update workflow (.github/workflows/release.yaml) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @​osterman (#​71)

what

• Update workflows (.github/workflows) to use shared workflows from .github repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @​osterman (#​70)

what

• Update workflows (.github/workflows) to add issue: write permission needed by ReviewDog tflint action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @​osterman (#​69)

what

• Update workflows (.github/workflows/settings.yaml)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @​osterman (#​66)

what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Bump golang.org/x/net from 0.0.0-20220421235706-1d1ef9303861 to 0.17.0 in /test/src @​dependabot (#​65)

Bumps [golang.org/x/net](https://redirect.github.com/golang/net) from 0.0.0-20220421235706-1d1ef9303861 to 0.17.0.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Add GitHub Settings @​osterman (#​62)

what

• Install a repository config (.github/settings.yaml)

why

• Programmatically manage GitHub repo settings

Update Scaffolding @​osterman (#​60)

what

• Reran make readme to rebuild README.md from README.yaml
• Migrate to square badges
• Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (3)

• Bump
• chore(deps)
• WIP

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[mergify]

/terratest